I apologize for what will probably be a lengthy post. I'm fairly new to PHP and trying to get a working registration / login system for users on my website for a final project.
The login system was working for registered users until I modified the way registration is validated. I need to have some Angular on the website for the project requirements, so I created a registration page that looks like this:
register.php
<form ng-app="myApp" ng-controller="validateCtrl" name="myForm" method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" novalidate>
<p>Username:<br>
<input type="text" name="myusername" value="myusername" ng-model="myusername" required>
<span style="color:red" ng-show="myForm.myusername.$dirty">
<span ng-show="myForm.myusername.$error.required">Username is required.</span>
</span>
</p>
<p>Password:<br>
<input type="password" name="mypassword" value="mypassword" ng-model="mypassword" required>
<span style="color:red" ng-show="myForm.mypassword.$error.required && myForm.mypassword.$dirty">Password Required</span>
</p>
<p>Email:<br>
<input type="email" name="myemail" value="myemail" ng-model="myemail" required>
<span style="color:red" ng-show="myForm.myemail.$dirty && myForm.myemail.$invalid">
<span ng-show="myForm.myemail.$error.required">Email is required.</span>
<span ng-show="myForm.myemail.$error.email">Invalid email address.</span>
</span>
</p>
<p>
<input type="Submit" name="Submit" value="Submit" ng-disabled="myForm.myusername.$invalid || myForm.myemail.$invalid || myForm.mypassword.$invalid">
</p>
<?php
if (isset($_POST['Submit'])) { //form submission
$newusername = sanitize($_POST['myusername']); //sanitize username, email, and password
$newpassword = sanitize($_POST['mypassword']); // encrypt password
$newemail = sanitize($_POST['myemail']);
$sqlname = "SELECT username FROM users WHERE username = '".$newusername."'";
$result1 = $conn->query($sqlname);
if ($result1->num_rows > 0) //make sure username does not exist
{
echo "
<script>
alert('Username already taken. Try again.')
</script>
";
}
$sqlemail = "SELECT email FROM users WHERE email = '".$newemail."'"; //make sure email does not exist
$result2 = $conn->query($sqlemail);
if ($result2->num_rows > 0)
{
echo "
<script>
alert('That email is already in use.')
</script>
";
}
if (($result1->num_rows < 1) && ($result2->num_rows < 1)) //if no results for username or email query register user
{
$sqlinsert = "INSERT INTO users SET username = '".$newusername."', password = '".$newpassword."', email = '".$newemail."'";
$conn->query($sqlinsert);
echo "".$newusername." has registered. ";
}
};
?>
The registration is working just fine. If I register a user named 'testuser' with 'testpassword' it shows up in the user database.
The issue is that now any accounts created with the Angular registration are not able to log in. (Accounts created before adding the Angular work fine.)
The log in pages look like this:
Login.php
<form id='form1' name='form1' method='post' action='php/checklogin.php'>
<form role='form'>
<div class='form-group'>
<label for='username'>Username</label><input type='text' class='form-control' id='myusername' name='myusername'>
</div>
<div class='form-group'>
<label for='password'>Password</label><input type='password' class='form-control' id='mypassword' name='mypassword'>
</div>
<button type='submit' id='Submit' name='Submit' value='Submit' class='btn btn-default'>Submit</button>
</form>
checklogin.php
<?php
require("connect.php");
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
$query = $conn-> prepare("SELECT * FROM users WHERE username ='".$myusername."' AND password='".$mypassword."'");
$query->execute();
$query->store_result();
$result = $query->num_rows;
if ($result < 1 ){
//header('Refresh: 2;url=..\login.php');
echo "<span style='color: red'>Wrong Username or Password. Try again.</span>";
var_dump($myusername, $mypassword);
}
else if ($result > 0) {
session_start();
$_SESSION['myusername']= $myusername;
header('Refresh: 0;url=..\index.php');
}
else {
echo "oops, there was an error";
}
?>
For some reason I am now getting invalid username / password for any account I create when I try to log in with it.
The var dump shows the variable values are being set, i.e. (user="testuser" password="testpassword"), and the user is in the database; however, the query is failing.
Any help would be appreciated! Thank you!
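An added example, not part of the original post: register.php passes the password through sanitize() before storing it, while checklogin.php compares the raw POST value inside a concatenated query, so the two paths do not handle the password the same way. The sketch below uses bound parameters and password_hash()/password_verify() for both paths; the function names register_user and check_login are hypothetical, and it assumes $conn is the mysqli connection from connect.php and that users.password is wide enough for a hash (VARCHAR(255)).

```php
<?php
// Added example, not the poster's code. Assumes $conn is the mysqli
// connection from connect.php and users.password is VARCHAR(255).

// Returns true when the account was created, false when the name or email is taken.
function register_user(mysqli $conn, string $username, string $password, string $email): bool
{
    // Bound parameters keep user input out of the SQL text.
    $check = $conn->prepare("SELECT 1 FROM users WHERE username = ? OR email = ?");
    $check->bind_param("ss", $username, $email);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        return false;
    }
    // Hash the password exactly as typed; do not escape or trim it first.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $conn->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
    $insert->bind_param("sss", $username, $hash, $email);
    return $insert->execute();
}

// Returns true only when the stored hash matches the submitted password.
function check_login(mysqli $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true on a row, null when there is none
    $stmt->close();
    // password_verify recomputes the hash using the salt stored in $hash.
    return $found === true && password_verify($password, $hash);
}

// Usage in checklogin.php (same field names as the forms above):
require "connect.php";
if (check_login($conn, $_POST['myusername'] ?? '', $_POST['mypassword'] ?? '')) {
    session_start();
    session_regenerate_id(true);   // new session id after authentication
    $_SESSION['myusername'] = $_POST['myusername'];
    header('Location: ../index.php');
    exit;
}
echo "<span style='color: red'>Wrong Username or Password. Try again.</span>";
```

Accounts whose passwords were stored before hashing was introduced will not verify against password_verify() and need a password reset.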